Internet Identity Workshop IIW 2008b – Introduction – Johannes Ernst NetMesh Inc. http://netmesh.info/jernst Johannes Ernst
Modern Identity History Facebook Proprietary et al. Yadis URL-based Age of identity Card-based interop Invisible 1999 2001 2003 2005 2007 2009 IIW Johannes Ernst
Identity’s Three Pillars URL- based user- centric Digital Identity Card- Invisible based Proprietary Source: http://netmesh.info/jernst/Digital_Identity/updating-three-standards.html Johannes Ernst
The Basic User-Centric Flow Relying Party Relying Party Relying Party Is this true? Identity Yes. Identity Identity Provider Authentication Johannes Ernst
Comparison: Non-User-Centric Flow Relying Party Relying Party Relying Party Tell me about this user. Identity Authentication Identity Provider Johannes Ernst
Comparison: Stovepiped Identity Relying Party Relying Party Identity Provider Identity Provider Authentication … ? Johannes Ernst
The Basic User-Centric Flow Relying Party Relying Party Relying Party Is this true? Identity Yes. Identity Identity Provider Authentication Johannes Ernst
Who is this guy speaking right now? Please enter your OpenID here: http://netmesh.info/jernst • globally unique user name, no name conflicts • is also a link Johannes Ernst
Johannes Ernst
Who is this guy speaking right now? Please enter your OpenID here: http://netmesh.info/jernst • globally unique user name, no name conflicts • is also a link • many value-added services a springing up, example: ‣ Technorati ‣ del.icio.us ‣ Identity aggregators like claimid.com ‣ Google social graph API Johannes Ernst
Johannes Ernst
Source: http://socialgraph-resources.googlecode.com/svn/trunk/samples/findyours.html Johannes Ernst
About Myself • Founder/CEO NetMesh Inc. • Pioneered URL-based digital identity with LID™ • Board member, OpenID Foundation blog • Co-initiator, Open-Source Identity System (OSIS) http://netmesh.info/jernst • Co-initiated Yadis, the first user-centric identity convergence project • Advisory board member, Health 2.0 conference • Contributor to UML; initiator of the Object Management Group’s RT-AD effort • BMW, FZI, MSR, Integrated Systems, Aviatis • World Economic Forum “Technology Pioneer” • Doctorate, EE • Frequent speaker: Digital ID World, European Identity Conference, Comdex, PC Forum, Mix, OSCON, ETel, SDForum, UML World, Emerging Communications, Harvard, World Econonic Forum… Johannes Ernst
“My users will keep entering all the information that I ask for.” “They always have, I don’t see the need to do anything.” Johannes Ernst
Johannes Ernst
“Users in Charge” (Esther Dyson) Industrial mass production model Web 2.0, user-centric model Johannes Ernst
Kim Cameron’s Laws of Identity 1. User Control & Consent 5. Pluralism of Operators & Technologies • …only reveal information identifying a user with the user’s consent • …enable the interworking of multiple identity technologies run by multiple 2. Minimal Disclosure for a identity providers. Constrained Use 6. Human Integration • …discloses the least identifying information • …human user to be a component of the distributed system integrated through 3. Fewest/Justifiable Parties unambiguous human-machine • …disclosure of identifying information is communication limited to necessary and justifiable parties. 7. Consistent Experience 4. Directed Identity Across Contexts • …both “omnidirectional” and • …simple, consistent experience while “unidirectional” identifiers, thus facilitating enabling separation of contexts through discovery while preventing unnecessary multiple operators and technologies. release of correlation handles Source: http://www.identityblog.com/stories/2004/12/09/thelaws.html Johannes Ernst
Customer Trust Traditional marketing User-centric (future) VRM VRM They do something I choose how … and I can take it with my identity much information back and “switch it behind my back to reveal off” at any time No Trust Trust Johannes Ernst
Net Result: More Business } Do we want [hopeless] them as customers? With user-centric Won’t or can’t fill out identity you can forms or log on, but get them! will do Potential Your website customers Successfully filled out forms and logged on Johannes Ernst
Competitive Effects } [hopeless] { Your Competitor’s website website $ $ $ $ $ $ $ $ Johannes Ernst
User-Centric “Sweet Spot” Do we want them as customers? Do we want them as repeat customers? Do we want them to do business with us or the competition? Enterprise internal Tier 0 1 2 3 4 Close business partners (<10) Affiliates (100’s) Affiliates (100’s) Customers Customers Everybody else (1000’s and more) (1000’s and more) Johannes Ernst Source: http://netmesh.info/jernst/Digital_Identity/concentric-circles-2008.html
Outsource Authentication Relying Party Relying Party Relying Party Relying Party Identity Provider Yes. Authentication Identity Is this true? Identity Identity Provider Authentication Cost (old-style): Cost (user-centric): Password management Key/secret management + Password reset + Password reset + Anti-phishing + Anti-phishing + Backup tape risk / management + Backup tape risk / management + free authentication from major IdP $$$ or €€€ $$ or €€ Johannes Ernst
Affording Strong Authentication Relying Party Relying Party Relying Party … Relying Party Relying Party Identity Provider Identity Provider Strong Strong Identity Authentication Authentication … Identity Provider Strong Authentication “Shared token” • All relying parties benefit from the added security of the same token • Higher security at lower cost through cost sharing, enabled by internet-scale common protocols • Much more convenient for the user: one token, not N • Works the same for other strong auth: ✦ voice, ✦ biometrics, ✦ client certs etc. Johannes Ernst
Internet Identity Workshop IIW 2008b Thank you for your time! Johannes Ernst NetMesh Inc. http://netmesh.info/jernst Johannes Ernst
Recommend
More recommend
